312-50v13 Exam Dumps - Certified Ethical Hacker Exam (CEHv13)

The payload that would have the most significant impact in the case of a successful SQL injection attack is OR ‘a’='a; DROP TABLE members; --. This payload combines the manipulation of the WHERE clause with a destructive action, causing data loss. This payload works as follows:

The OR ‘a’='a part of the payload is a logical expression that is always true, regardless of the input or the condition of the SQL statement. This part of the payload allows the attacker to bypass any authentication or authorization checks that may be implemented in the SQL statement, such as a login form or a search query.

The ; part of the payload is a statement terminator that marks the end of the current SQL statement and allows the attacker to inject another SQL statement after it. This part of the payload enables the attacker to execute multiple SQL statements in a single query, which is also known as stacked queries or batched queries.

The DROP TABLE members part of the payload is a destructive SQL statement that deletes the entire table named members from the database. This part of the payload causes data loss and may compromise the functionality and integrity of the application that relies on the table. The table name may vary depending on the target database, but the attacker can use other techniques, such as error-based or union-based SQL injection, to discover the table names before executing the drop statement.

The – part of the payload is a comment symbol that tells the SQL engine to ignore the rest of the query. This part of the payload helps the attacker to avoid any syntax errors or unwanted results that may arise from the original query.

The other options are not as impactful as option C for the following reasons:

A. ‘OR 'T="1: This payload manipulates the WHERE clause of an SQL statement, allowing the attacker to view unauthorized data. This payload is a common and basic SQL injection technique that injects a logical expression that is always true, such as 'OR 'T="1 or 'OR 1=1, to bypass the authentication or authorization checks of the SQL statement. This payload can allow the attacker to view data that they are not supposed to, such as user credentials, personal information, or financial records. However, this payload does not cause any data loss or modification, and it does not affect the functionality or integrity of the application.

B. ‘OR username LIKE '%: This payload uses the LIKE operator to search for a specific pattern in a column. This payload is a variation of the previous payload that injects a logical expression that is always true, such as 'OR username LIKE '% or 'OR 1 LIKE '%, to bypass the authentication or authorization checks of the SQL statement. The LIKE operator is used to compare a value with a pattern that may contain wildcard characters, such as % or _, which match any string or character. This payload can allow the attacker to view data that matches the pattern, such as usernames that start with a certain letter or contain a certain substring. However, this payload does not cause any data loss or modification, and it does not affect the functionality or integrity of the application.

D. UNION SELECT NULL, NULL, NULL – : This payload manipulates the UNION SQL operator, enabling the attacker to retrieve data from different database tables. This payload is an advanced SQL injection technique that injects the UNION SQL operator to combine the results of two or more SELECT statements into a single result set, which is then returned as part of the HTTP response. The UNION operator can be used to join the results from different tables that have the same number and type of columns. The NULL values are used to match the column types and avoid any errors. This payload can allow the attacker to retrieve data from tables that are not intended to be accessed by the application, such as system tables, configuration tables, or backup tables. However, this payload does not cause any data loss or modification, and it does not affect the functionality or integrity of the application.

PKI uses public-key cryptography, which is widely used on the Internet to encrypt messages or

authenticate message senders. In public-key cryptography, a CA generates public and private

keys with the same algorithm simultaneously. The private key is held only by the subject (user,

company, or system) mentioned in the certificate, while the public key is made publicly available

in a directory that all parties can access. The subject keeps the private key secret and uses it to

decrypt the text encrypted by someone else using the corresponding public key (available in a

public directory). Thus, others encrypt messages for the user with the user's public key, and the user decrypts it with his/her private key.

A Protocol Analyzer is the correct tool used to examine the contents of packet data (often stored in .pcap files) to determine if a particular sequence of traffic is suspicious, malformed, or part of a known exploit.

In CEH v13:

Module 3: Scanning Networks

Module 4: Enumeration

Module 5: Vulnerability Analysis

Related Lab: Packet Analysis using Wireshark

The CEH v13 Study Guide states:

“A protocol analyzer (e.g., Wireshark) captures and decodes packets to display their contents and help analysts understand communication flows and anomalies. It is used to manually inspect packet contents and behavior, which helps distinguish legitimate traffic from attacks.”

PCAP (Packet Capture) files are typically analyzed using tools like Wireshark. These tools decode protocol layers and show payloads, making it easier for analysts to identify if IDS alerts were accurate or false positives.

Incorrect Options:

B. Network sniffer: General term; protocol analyzer is the specific functional tool used.

C. IPS: Prevents or blocks malicious traffic, but does not analyze existing packet captures.

D. Vulnerability scanner: Identifies vulnerabilities on systems/services; not used for packet capture review.

Promiscuous mode is a configuration for a network interface card (NIC) that allows it to pass all network traffic to the CPU for processing, not just the traffic addressed to that NIC. It is commonly used in:

Network sniffing and monitoring

Packet analysis tools like Wireshark

IDS/IPS systems

Reference – CEH v13 Official Study Guide:

Module 8: Sniffing

Quote:

“Promiscuous mode allows a NIC to capture all packets on the network segment, regardless of the destination MAC address.”

Incorrect Options:

A. Multicast mode handles group address traffic, not all frames

C. WEM is not a valid network mode term

D. Port forwarding redirects traffic to specific internal IPs

===========

MAC flooding is a Layer 2 attack in which an attacker sends a large number of fake MAC addresses to a switch, filling up its CAM (Content Addressable Memory) table. Once the table is full:

The switch enters “fail-open” mode and broadcasts traffic to all ports

The attacker can then sniff sensitive traffic

This attack effectively turns a switch into a hub, facilitating data sniffing.

Incorrect Options:

A. Evil twin is a wireless attack using rogue access points.

B. DNS cache flooding corrupts DNS entries, unrelated to Ethernet.

D. DDoS attacks are about overwhelming systems/services, not Layer 2 memory overflows.

Reference – CEH v13 Official Courseware:

Module 11: Sniffing

Section: “Switch Port Stealing and MAC Flooding”

Subsection: “Layer 2 Attacks and CAM Table Poisoning”

===========

Infrastructure as a Service (IaaS) provides virtualized computing infrastructure over the internet. In this model:

The cloud provider supplies the hardware (servers, storage, networking).

The client (your organization) is responsible for installing and managing the OS, applications, and all configurations.

This aligns with the question, where the organization must take full responsibility for maintenance.

Incorrect Options:

A. PaaS offers managed OS, middleware, and runtime, reducing customer responsibilities.

B. SaaS provides fully managed applications—users only access features.

C. Functions as a Service (FaaS) offers event-driven computing without server management, used in serverless environments.

Reference – CEH v13 Official Courseware:

Module 19: Cloud Computing

Section: “Cloud Service Models”

Table: “Responsibilities in IaaS vs PaaS vs SaaS”

===========

SOX stands for Sarbanes-Oxley Act of 2002. It is a U.S. federal law enacted to protect shareholders and the general public from accounting errors and corporate fraud.

Key points:

Requires strict internal controls and financial disclosures in publicly traded companies.

Mandates regular audits and IT security controls related to financial data.

Applies especially to accounting systems, databases, access controls, and IT procedures related to financial reporting.

Incorrect Options:

A. PCI-DSS relates to securing credit card data.

B. FISMA pertains to federal agency cybersecurity standards.

D. ISO/IEC 27001:2013 is an international information security standard, not a legal requirement for financial integrity.

Reference – CEH v13 Official Courseware:

Module 01: Introduction to Ethical Hacking

Section: “Compliance and Legal Concepts”

Table: "Major Laws and Regulations in Information Security"

===========

Split DNS (also known as Split-Horizon DNS) is a configuration where internal users and external users receive different DNS responses. Typically, one DNS server resides in the DMZ for public access, and another is inside the network for internal name resolution.

📘 Reference – CEH v13 Official Study Guide, Module 9: System Hacking / Perimeter Security

“Split DNS allows different DNS records to be presented based on whether the requester is from inside or outside the organization’s network.”

❌ Incorrect options:

A. DynDNS is a dynamic DNS provider.

B. DNS Scheme is a non-standard term.

C. DNSSEC is a security extension for DNS, not a deployment model.